e2b99f150f
* Add scripts to rebrand variables.env and overleaf.rc
* Update bin/upgrade to prompt for config file rebrand
* Update bin/up to check for correct variable prefix
Ensures SHARELATEX_ is in place for version <= 4.x, and
OVERLEAF_ for version >= 5.x
* Rebrand variables for bin/docker-compose
Updates docker-compose.base.yml and sibling containers
base file with the changes in the script
* Update bin/doctor to support OVERLEAF_ prefix
* Update documentation with the OVERLEAF_ prefix
* Rebrand variables.env and overleaf.rc in config-seed
* Prepare config/version and CHANGELOG for release (WIP)
* Fix script documentation
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Fix doctor logs
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
* Remove unnecessary fallbacks to SHARELATEX_ vars
* SEt OVERLEAF_DATA_PATH to data/overleaf
* Remove duplicated environment entries
* Moved prefix brand checs from bin/up to bin/docker-compose
* Move set +o pipefail into subshell commands
* Use separate legacy compose files for required SHARELATEX_ vars
* Handle overleaf.rc rebranding before version upgrade
* Group output from rebranding process
* Move prompt for rebranding into helper function
* Refuse to start with mismatching ShareLaTeX vs Overleaf branded configs
* Print expected prefix when checking variables.env
* Print number of mismatching variables in overleaf.rc
* Check on variable rebranding from bin/doctor
* Cleanup bin/doctor lookup for ShareLaTeX branded overleaf.rc
* Update filesystem paths in bin/logs and docs
* Flag old TEXMFVAR entry in config/variables.env
REF: 1829e7ee2a
* Update config-seed version to 5.0.1 and changelog
---------
Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
2.4 KiB
Overleaf SAML
Available in Overleaf Server Pro is the ability to use a SAML server to manage users.
SAML is configured in the Toolkit via variables.env.
The EXTERNAL_AUTH variable must be set to saml, to enable the SAML module:
EXTERNAL_AUTH=saml
(To preserve backward compatibility with older configuration files, if
EXTERNAL_AUTH is not set, but SHARELATEX_SAML_ENTRYPOINT is set (SHARELATEX_LDAP_URL for versions 4.x and older), then the SAML
module will be activated. We still recommend setting EXTERNAL_AUTH explicitely)
The Developer wiki contains further documentation on the available Environment Variables and other configuration elements.
Example
At Overleaf, we test the SAML integration against a SAML test server. The following is an example of a working configuration:
# added to variables.env
# For versions of Overleaf CE/Server Pro `4.x` and older use the 'SHARELATEX_' prefix instead of 'OVERLEAF_'
EXTERNAL_AUTH=saml
OVERLEAF_SAML_ENTRYPOINT=http://localhost:8081/simplesaml/saml2/idp/SSOService.php
OVERLEAF_SAML_CALLBACK_URL=http://saml/saml/callback
OVERLEAF_SAML_ISSUER=sharelatex-test-saml
OVERLEAF_SAML_IDENTITY_SERVICE_NAME=SAML Test Server
OVERLEAF_SAML_EMAIL_FIELD=email
OVERLEAF_SAML_FIRST_NAME_FIELD=givenName
OVERLEAF_SAML_LAST_NAME_FIELD=sn
OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN=true
The sharelatex/saml-test image needs to run in the same network as the sharelatex container (which by default would be overleaf_default), so we'll proceed with the following steps:
- Run
docker network create overleaf_default(will possibly fail due to anetwork with name overleaf_default already existserror, that's ok). - Start
saml-testcontainer with some environment parameters:
docker run --network=overleaf_default --name=saml \
--publish='8081:80' \
--env SAML_BASE_URL_PATH='http://localhost:8081/simplesaml/' \
--env SAML_TEST_SP_ENTITY_ID='sharelatex-test-saml' \
--env SAML_TEST_SP_LOCATION='http://localhost/saml/callback' \
sharelatex/saml-test
- Edit
variables.envto add the SAML Environment Variables as listed above. - Restart Server Pro.
You should be able to login using sally as username and sall123 as password.